Re: [MAGNet] Fwd: ScanMail Message: To Sender, virus found and action taken.

Date view	Thread view	Subject view	Author view

From: John Ward (j_ward@uclink4.berkeley.edu)
Date: Thu Oct 31 2002 - 11:12:12 PST

Next message: by way of Micronet mailing list administrator: "[MAGNet] Opening a Mac CD tray without the "Media Key""
Previous message: Greg Merritt: "Re: [MAGNet] Fwd: ScanMail Message: To Sender, virus found and action taken."
In reply to: Michael Rimar: "[MAGNet] Fwd: ScanMail Message: To Sender, virus found and action taken."

Hi Michael,

Here's one possible explanation. The Klez worm has the unusual ability to
spoof the From: address when sending a message. It's possible that the
offending message was sent from another computer even though your email
address was in the message's From: header. More information about this is
available here:
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.h@mm.html

Best, John

At 08:43 AM 10/31/2002 -0800, Michael Rimar wrote:
>Hi folks:
>I don't know if this is of significance: I think maybe I am cc'd due to a
>list associated with something sent? I didn't send anything to this
>recipient.
>
>If helpful, here it is. If not, thanks for looking!
>
>michael
>
>>From: System Attendant <ALMA-SA@tpgnc.com>
>>To: "'mrmr'" <mrmr@uclink4.berkeley.edu>
>>Subject: ScanMail Message: To Sender, virus found and action taken.
>>Date: Thu, 31 Oct 2002 08:20:06 -0800
>>MIME-Version: 1.0
>>ScanMail for Microsoft Exchange has detected virus-infected attachment(s).
>>Place = dcarroll@tpgnc.com
>>Sender = mrmr
>>Subject = W32.Klez.E removal tools
>>Delivery Time = October 31, 2002 (Thursday) 08:20:04
>>Action on virus found:
>>"WORM_KLEZ.H" virus was found in attachment "install.exe",
>>ScanMail has moved the attachment to C:\Program Files\Trend\Smex\Virus.
>>Message from recipient's administrator:
>>Warning to sender. ScanMail detected a virus in an email attachment you sent.
>
>
>
>--
>------------------------------
>Michael Rimar
>Administrative Assistant
>UC Botanical Garden
>200 Centennial Drive
>Berkeley, CA 94720-5045
>(510) 642-0849
>fax (510) 642-3012
>------------------------------

John Ward
Computer Resources/Support
Institute of Human Development
1127 Tolman Hall #1690
University of California, Berkeley
Phone: (510) 643-1230
Fax: (510)642-7969
http://ihd.berkeley.edu/

Office Hours:

Monday, Wednesday, and Friday
10:00am -1:00pm, 2:00pm - 5:00pm

------------------------------------------------------------------------
The following was automatically added to this message by the list server:

For information about MAGNet, its meetings and events, and its
mailing list, including information on subscribing and unsubscribing,
see the MAGNet Web site at <http://magnet.berkeley.edu/>.

Next message: by way of Micronet mailing list administrator: "[MAGNet] Opening a Mac CD tray without the "Media Key""
Previous message: Greg Merritt: "Re: [MAGNet] Fwd: ScanMail Message: To Sender, virus found and action taken."
In reply to: Michael Rimar: "[MAGNet] Fwd: ScanMail Message: To Sender, virus found and action taken."

Date view	Thread view	Subject view	Author view

This archive was generated by hypermail 2b29 : Thu Oct 31 2002 - 11:14:25 PST